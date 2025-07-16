NVIDIA Device Attestation and CoRIM-based Reference Measurement Sharing v4.0
TPM Measurements

The COMex in the switch tray is equipped with a server-grade CPU, connected to a discrete TPM. During boot, the firmware performs a measured boot and extends each measurement to the appropriate PCRs, in accordance with TCG standards.

Currently, attestation supports measurements of the core UEFI, drivers, and security configurations through PCRs 0 and 7.

TPM remote attestation reports these measurements and the platform's state externally.

  • A verifier queries the attester about its state and measurements

  • The TPM then sends a quote, signed by its Attestation Key

  • This quote serves as a cryptographic attestation of the device's state, including the PCRs measured during boot

  • An external verifier validates the quote and compares it against known good measurements

image-2025-3-6_16-2-39-1-version-1-modificationdate-1752655603207-api-v2.png

The following table describes the measurements returned by the TPM attestation feature, and whether they have a measurement reference:

CoMID Index

What is measured

Part of Reference?

1

Measurement Block Format

Yes

2

PCR0 -SRTM, BIOS, Host Platform Extensions, Embedded Option ROMs and PI Drivers

Yes

4

PCR1: Host Platform Configuration

No

6

PCR2:UEFI driver and application Code

No

8

PCR3:UEFI driver and application Configuration and Data

No

10

PCR4:Shim, Grub and kernel boot loaders

No

12

PCR5:Boot Manager Code Configuration and Data (for use by the Boot Manager Code) and GPT/Partition Table

No

14

PCR6:Host Platform Manufacturer Specific

No

16

PCR7:Secure Boot Policy, Secure boot Verification Authority

Yes
